Modify rule S4347: Change rule to be programming language agnostic (#…

…3836) * Modify rule S4347: Change rule to be programming language agnostic * Change 'random generator' to 'random number generator' * Adjust wording following review
SonarSource · Mar 29, 2024 · 373d953 · 373d953
1 parent 35115fa
commit 373d953
Show file tree

Hide file tree

Showing 6 changed files with 19 additions and 8 deletions.
diff --git a/rules/S4347/highlighting.adoc b/rules/S4347/highlighting.adoc
@@ -1,4 +1,10 @@
 === Highlighting
 
-The call to SecureRandom.setSeed() or the SecureRandom(byte[]) constructor call
+When the random number generator's output **is not** predictable by default:
 
+* The constructor or method call where the predictable seed is set.
+
+When the random number generator's output **is** predictable by default:
+
+* The first method call to generate a random value.
+* (Secondary) The creation of the random number generator.
diff --git a/rules/S4347/impact.adoc b/rules/S4347/impact.adoc
@@ -1,8 +1,8 @@
 === What is the potential impact?
-It is crucial to understand that the strength of cryptographic algorithms heavily relies on the quality of the random numbers used. By improperly seeding the `SecureRandom` class, we introduce a significant weakness that can be exploited by attackers.
+It is crucial to understand that the strength of cryptographic algorithms heavily relies on the quality of the random numbers used. By improperly seeding a CSPRNG, we introduce a significant weakness that can be exploited by attackers.
 
 ==== Insecure cryptographic keys
-One of the primary use cases for the `SecureRandom` class is generating cryptographic keys. If an attacker can predict the seed used to initialize the SecureRandom instance, they may be able to derive the same keys. Depending on the use case, this can lead to multiple severe outcomes, such as:
+One of the primary use cases for CSPRNGs is generating cryptographic keys. If an attacker can predict the seed used to initialize the random number generator, they may be able to derive the same keys. Depending on the use case, this can lead to multiple severe outcomes, such as:
 
 * Being able to decrypt sensitive documents, leading to privacy breaches or identity theft.
 * Gaining access to a private key used for signing, allowing an attacker to forge digital signatures and impersonate legitimate entities.

diff --git a/rules/S4347/message.adoc b/rules/S4347/message.adoc
@@ -1,4 +1,9 @@
 === Message
 
-Change this seed value to something unpredictable, or remove the seed.
+When the random number generator's output **is not** predictable by default:
 
+> Change this seed value to something unpredictable, or remove the seed.
+
+When the random number generator's output **is** predictable by default:
+
+> Set an unpredictable seed before generating random values.
diff --git a/rules/S4347/metadata.json b/rules/S4347/metadata.json
@@ -1,5 +1,5 @@
 {
-  "title": "\"SecureRandom\" seeds should not be predictable",
+  "title": "Secure random number generators should not output predictable values",
   "type": "VULNERABILITY",
   "code": {
     "impacts": {

diff --git a/rules/S4347/rationale.adoc b/rules/S4347/rationale.adoc
@@ -1,3 +1,3 @@
-`java.security.SecureRandom` is often used to generate random values for cryptographic algorithms. When a random number generator is used for cryptographic purposes, the generated numbers must be as random and unpredictable as possible. When `SecureRandom` is improperly seeded with a constant or a predictable value, its output will also be predictable.
+Random number generators are often used to generate random values for cryptographic algorithms. When a random number generator is used for cryptographic purposes, the generated numbers must be as random and unpredictable as possible. When the random number generator is improperly seeded with a constant or a predictable value, its output will also be predictable.
 
-This can have severe security implications for cryptographic operations that rely on the randomness of the generated numbers. By using a predictable seed, an attacker can potentially guess or deduce the generated numbers, compromising the security of whatever cryptographic algorithm relies on `SecureRandom`.
+This can have severe security implications for cryptographic operations that rely on the randomness of the generated numbers. By using a predictable seed, an attacker can potentially guess or deduce the generated numbers, compromising the security of whatever cryptographic algorithm relies on the random number generator.
diff --git a/rules/S4347/summary.adoc b/rules/S4347/summary.adoc
@@ -1 +1 @@
-When using `SecureRandom`, it is important not to use predictable seeds. This class is used to generate cryptographically strong random numbers. Using a predictable seed will make its output predictable as well, which counteracts the use case of `SecureRandom`.
+Cryptographic operations often rely on unpredictable random numbers to enhance security. These random numbers are created by cryptographically secure pseudo-random number generators (CSPRNG). It is important not to use a predictable seed with these random number generators otherwise the random numbers will also become predictable.
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		When using `SecureRandom`, it is important not to use predictable seeds. This class is used to generate cryptographically strong random numbers. Using a predictable seed will make its output predictable as well, which counteracts the use case of `SecureRandom`.
		Cryptographic operations often rely on unpredictable random numbers to enhance security. These random numbers are created by cryptographically secure pseudo-random number generators (CSPRNG). It is important not to use a predictable seed with these random number generators otherwise the random numbers will also become predictable.